New Security Tools for IIS and SQL... / Nouveaux outils de securité pour IIS et SQL Server....

Suite aux récentes alertes de sécurité dont je m'étais fait l'écho ici et là, concernant une recrudescence des attaques de type "SQL injection", le centre de réponse Microsoft pour la Sécurité annonce la disponibilité de 3 nouveaux outils permettant aux utilisateurs de prévenir ces attaques.

Ce sont :

• UrlScan 3.0 Beta ( see Wade Hilmo's blog for more ), a security tool that restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, the UrlScan helps prevent potentially harmful requests.
• Microsoft Source Code Analyzer for SQL Injection (MSCASI) CTP ( see the SQL Security blog for more ), a tool that can be used to detect ASP code susceptible to SQL injection attacks.
• Scrawlr ( see HP's security blog for more ), a free scanner, developed by HP Web Security Research Group in conjunction with Microsoft, which will allow customers to identify whether their Web sites might be susceptible to SQL injection.